diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-03 14:37:18 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-01-03 16:14:18 +0100 |
commit | 091f5079a714a619d6f8044f1fed02d7a48ab5c7 (patch) | |
tree | 227ee17736c1a819307b6b5107d23097875a214b | |
parent | 3cad570427a96c30af9b6410961d0fa20bd47629 (diff) | |
download | gnutls-091f5079a714a619d6f8044f1fed02d7a48ab5c7.tar.gz |
status_request: eliminated leak on error path
Issue found using oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=269
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r-- | lib/ext/status_request.c | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c index 5b9a71d898..f5a46dca23 100644 --- a/lib/ext/status_request.c +++ b/lib/ext/status_request.c @@ -689,18 +689,23 @@ int _gnutls_recv_server_certificate_status(gnutls_session_t session) data_size = buf.length; /* minimum message is type (1) + response (3) + data */ - if (data_size == 0) - return 0; - else if (data_size < 4) - return + if (data_size == 0) { + ret = 0; + goto error; + } else if (data_size < 4) { + ret = gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH); + goto error; + } if (data[0] != 0x01) { gnutls_assert(); _gnutls_handshake_log("EXT[%p]: unknown status_type %d\n", session, data[0]); - return 0; + ret = 0; + goto error; } + DECR_LENGTH_COM(data_size, 1, ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH; goto error); |